Heartbleed

POODLE is coming back for more. The bug, which was originally thought to affect only older versions of the Secure Sockets Layer (SSL) protocol used to encrypt information as it travels around the Internet, is now known to affect the Transport Layer Security (TLS) protocol, too. Or put another way, without all the gobbledygook: a problem that allowed hackers to intercept and decrypt information forced website owners to update their security in October; the only problem is that the…

Dashlane has announced a new tool that will allow consumers to reset their passwords for some 75 major websites — including Facebook, Google, and Amazon — with a single click. It’s currently available as a beta product through the company’s desktop software, and it’s expected to make the jump to Dashlane’s mobile applications at some point in the future. I’ve wanted something like this since Heartbleed, the infamous security vulnerability that rocked the Internet when it was revealed…

Google researchers have discovered a vulnerability in the popular Secure Sockets Layer (SSL) tool that could allow attackers to perform so-called “man-in-the-middle” attacks to access encrypted private information. The vulnerability is called POODLE, and even though the majority of Web browsers have been updated to a version of SSL that doesn’t feature the bug, hackers can force the browsers to use older, vulnerable versions of SSL to enable their attacks. One of the researchers who discovered the POODLE bug

Yahoo’s servers have been compromised by Romanian hackers looking to gain access to the popular Yahoo Games server, security researcher Jonathan Hall reported on his website, with a corresponding email purportedly from Yahoo’s in-house security team confirming the breach. The hackers are said to have gained access to Yahoo’s servers through the Shellshock bug — a vulnerability in Unix-based operating systems that can allow attackers to take total control over an affected device — making it the first large breach…

A vulnerability in the tool used by many operating systems to interface with Unix’s command prompt was revealed earlier this week, and many have declared that it’s more dangerous than the infamous Heartbleed bug, largely because it offers complete access to compromised devices. The bug, which has been dubbed “Shellshock” by researchers and the media, will probably be in the headlines for some time. (Or at least that’s what I hope, given the importance of continued scrutiny in face of…

Researchers have discovered a major bug in Unix-based operating systems said to have worse implications than Heartbleed — the OpenSSL bug that left two-thirds of the Internet insecure by allowing attackers “complete access” to a device. Reuters reports that the new bug can be exploited to offer “complete control of a targeted system,” and everything from many Linux distributions to Apple’s desktop operating system could be hit by the bug, which exploits a vulnerability in the tool used to access Unix’s command…

Apple has revealed via its App Store Distribution page that some 46 percent of iOS devices have been updated to the latest version of its mobile operating system just five days after it debuted. While that figure might be slightly misleading because it’s based on devices that have connected to the App Store since iOS 8 was released last week, it’s still a good reminder of just how quickly iPhone and iPad owners update their device’s software. With all the…

In the second season of “Game of Thrones,” a character brags about having an impenetrable safe in which he keeps all of his vast riches safe from those who would steal his fortune. That safe isn’t quite what it seems — don’t worry, I won’t spoil the show — but its appeal is obvious: Who wouldn’t want to protect their prized possessions with something that can’t be cracked? Unfortunately, a safe offering that level of protection can only exist in a world…

Google has gone from collecting the world’s information to protecting it with Project Zero, a new initiative through which the company will hire security professionals and task them with finding bugs in digital products and informing their creators of the issue as fast as possible. A member of Google’s security team explained the reasoning behind the project in a blog post: You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software…

Heartbleed continues to haunt technology companies, security researchers, and the consumers whose personal information might be compromised by the infamous security vulnerability. A report from Errata Security says that 300,000 servers are still vulnerable because of the bug, which was discovered in April, and that efforts to patch those vulnerabilities have stalled out. That’s in stark contrast to a previous report, which said that the number of servers affected by Heartbleed had fallen from 600,000 to 300,000 in just one month. “This…

The OpenSSL Foundation is urging companies to update their implementation of the open source toolkit to patch a vulnerability allowing man-in-the-middle attacks between insecure servers and clients. The bug allowing the attacks is present in all versions of OpenSSL, so even companies that updated their implementations after the Heartbleed bug was revealed will now have to update it again to stop another critical flaw from affecting both them and their users. Nicholas Percoco, the vice president of strategic…

Australian iPhone users are reporting that their devices have been “hacked” and held for ransom by someone calling themselves Oleg Pliss. The attacker is offering access to affected devices in exchange for around $100, according to the Age, and has compromised iPhones across Australia. The attacks have been reported to Apple and to relevant local authorities. These reports continue months of security woes for Apple customers. First it was revealed that the company had failed to implement a security standard…

Google never forgets. Its spiders will scour the Web until there’s nothing left to index, retrace their steps to see if they missed anything, and repeat the process until the company crumbles. Keeping information away from those inquisitive digital arachnids is beyond most people’s abilities. Now a European court is trying to make them hide some of the data they’ve found. Europe’s top court ruled Monday that people have a right to be forgotten — which, according to the court, means they…

Some of the world’s largest technology companies are finally addressing the problems that led to the Heartbleed bug, a small coding error that made two-thirds of the Internet insecure. A new group called the Core Infrastructure Initiative is meant to “fund open source projects that are in the critical path for core computing functions” and has support from Google, Facebook, Microsoft, Intel, Cisco, and other large technology companies affected by the Heartbleed bug. The Core Infrastructure Initiative plans to…

Facebook has introduced Scrapbook, a new feature that allows parents to share and collect images of their children in one place without requiring them to worry about tagging their kids’ face with each other’s names just to make sure they don’t miss what the other person has posted. [Source: Facebook]

“For all the clumsy rhetorical lip service [former Yahoo News head] Guy Vidra pays to The New Republic’s hallowed intellectual traditions, this is what his vision of a nimble digital news product finally translates into: a vaguely journalistic veneer strategically designed to conceal a rancid interior of ‘elevated’ advertising.”

Indian e-commerce company Flipkart is said to be raising $600 million in its latest bid to compete with Amazon. The company is also said to have garnered a higher valuation with this funding round — quite the feat, considering it was previously valued at around $11.5 billion. [Source: The Economic Times]

Here comes another unicorn: Sprinklr, a New York-based marketing company, has raised $46 million at a $1.17 billion valuation. The funds will be used to help the 700-person company expand its marketing platform. [Source: Fortune]

Curator, the tool Twitter created so the media could find and share tweets with its audience, is now available to the public. Because if there’s anything people wanted to see more of, it’s tweets randomly inserted into blog posts, television spots, and other forms of media. [Source: TechCrunch]

A court in France has decided not to ban Uber’s low-cost services until the country’s highest appeals court, or its supreme court, weighs in on the constitutionality of a new transport law. [Source: The Wall Street Journal]

Tinder is refocusing on its spam-fighting efforts in the wake of reports that movie studios are using the service to promote their movies, scammers are attempting to steal information via the app, and pranksters have created tools that trick heterosexual men into flirting with each other. [Source: The Verge]

Uber offers drivers whose accounts have been deactivated a choice: attend a class that requires them to pass an exam, or take a class that doesn’t. The latter has been informed by Uber employees, and the company has sent thousands of drivers to it, according to a report from BuzzFeed. Why is that a problem? Because Uber isn’t supposed to provide its drivers with formal training; doing so makes them bona fide employees, not independent contractors. [Source: BuzzFeed]

Flipboard users will now be able to collect articles and share them via private magazines visible only to members of certain groups. The feature is aimed at students working in the same class, companies sharing press coverage, and other groups that might want an easy way to share Web pages with each other without having to use public tools like Facebook or Twitter. [Source: Flipboard]